Adobe Releases Security Updates for Multiple Products - 20231213004
Overview
Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
What is the vulnerability?
CWE ID | CVSS Score | Overview |
---|---|---|
CWE-20 | 7.8 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
CWE-79 | 5.4 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
CWE-125 | 7.8 | The product reads data past the end, or before the beginning, of the intended buffer. |
CWE-284 | 5.3 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
CWE-416 | 7.8 | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
CWE-476 | 5.5 | A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. |
CWE-787 | 7.8 | The product writes data past the end, or before the beginning, of the intended buffer. |
CWE-824 | 3.3 | The product accesses or uses a pointer that has not been initialized. |
What is Vulnerable?
Product | Version | Platform | Bulletin |
---|---|---|---|
Adobe Prelude | 22.6 and earlier versions | Windows | APSB23-67 |
Illustrator 2024 | 28.0 and earlier versions | Windows and macOS | APSB23-68 |
Illustrator 2023 | 27.9 and earlier versions | Windows and macOS | APSB23-68 |
Adobe InDesign | ID19.0 and earlier versions | Windows and macOS | APSB23-70 |
Adobe InDesign | ID17.4.2 and earlier versions | Windows and macOS | APSB23-70 |
Adobe Dimension | 3.4.10 and earlier versions | Windows and macOS | APSB23-71 |
Adobe Experience Manager (AEM) | AEM Cloud Service (CS) | All | APSB23-72 |
Adobe Experience Manager (AEM) | 6.5.18.0 and earlier versions | All | APSB23-72 |
Adobe Substance 3D Stager | 2.1.1 and earlier versions | Windows and macOS | APSB23-73 |
Adobe Substance 3D Sampler | 4.2.1 and earlier versions | All | APSB23-74 |
Adobe After Effects | 24.0.3 and earlier versions | Windows and macOS | APSB23-75 |
Adobe After Effects | 23.6.0 and earlier versions | Windows and macOS | APSB23-75 |
Adobe Substance 3D Designer | 13.0.0 and earlier versions | All | APSB23-76 |
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management).